Back to skill

Security audit

Yin Yuan

Security checks across malware telemetry and agentic risk

Overview

This skill is a role-play character, but it teaches fake identities and misleading stories to extract business information from sales or support conversations.

Review carefully before installing. Use only in clearly fictional or sandboxed training contexts, not in real vendor, sales, support, procurement, or identity-sensitive conversations. Do not use it to obtain quotes, documents, or business terms under a false identity, and do not retain third-party commercial information unless it was obtained transparently and lawfully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (22)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill explicitly instructs the agent to use defensive, confusing, and诱导性 tactics to mislead the other party, waste their effort, and steer them into false inferences. This goes beyond privacy preservation into intentional social manipulation and deception, creating a misuse pattern for adversarial interactions with sales, support, or other humans.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill directs generation of hidden profiles, surface disguises, fake motives, fake vulnerabilities, and invented relationship details such as fabricated spouse or colleague references. This is dangerous because it operationalizes identity fabrication and social engineering, enabling the agent to deceive counterparties while concealing the deception from them.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The manifest frames the skill as protecting user information, but the body of the skill describes testing, manipulating, and counter-modeling the other party. This mismatch is dangerous because it can bypass review expectations, causing deployers or users to trust a tool that actually performs adversarial social manipulation.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The file does not merely describe privacy-preserving roleplay; it explicitly directs systematic collection and archival of counterpart pricing, contract terms, and modeling data for later use. In context, the concealment and identity-masking tactics materially increase the risk because they are paired with competitive intelligence gathering under false pretenses.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
This section states a concealed economic motive: gathering market pricing and contract terms for commercial consulting work while hiding that purpose from the counterparty. That transforms the skill from benign self-protection into deceptive intelligence extraction for commercial advantage.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill includes a structured playbook for gathering intelligence on sales tactics, pricing, and contract terms, while dynamically adapting deception based on the target's responses. Even if framed as defense, the capability is not necessary for ordinary user assistance and can be readily used to manipulate counterparties and harvest sensitive business information.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
This content explicitly teaches construction of false personas, staged hesitation, misleading signals, and extraction of pricing/documents under false pretenses. That goes beyond privacy protection and becomes operational social-engineering guidance for deceptive commercial intelligence gathering.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The second dialogue demonstrates impersonation and trust-building to obtain full vendor pricing for leverage against other parties, despite presenting itself as harmless assistance. This is a concrete example of deceptive information collection unrelated to self-protection and can facilitate fraud, unfair competitive intelligence, and manipulative procurement behavior.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
Although framed as 'defense' or anti-modeling, the file instructs the user to steer the counterpart's reasoning, plant false anchors, and induce document sharing. The defensive framing makes it more dangerous because it disguises offensive social-engineering behavior as harmless self-protection.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list includes broad everyday terms such as '客户', '隐藏', '防御', and '消费者', which can cause accidental activation in unrelated conversations. In the context of this skill, accidental activation is more dangerous because the activated behavior includes deception, persona fabrication, and adversarial conversational tactics.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The activation conditions are defined very broadly, covering any scenario involving difficult customers, attack-defense dialogue, changing personas, or information-hiding research. This ambiguity increases the chance the skill will activate in ordinary interactions where users did not intend adversarial roleplay, magnifying the risk of deceptive conduct.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This section normalizes deceptive data collection and price-comparison tactics without any warning about ethics, consent, confidentiality, or misuse. Even if not a direct exploit primitive by itself, it meaningfully lowers barriers to abuse by presenting manipulation as acceptable practice.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The scenario teaches users to obtain multiple vendor quotes through fabricated personas while concealing decision-making status and intent. In context, the absence of warnings is not incidental; it reinforces and legitimizes a deceptive workflow that can compromise business integrity and trust.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs the agent to generate hidden false personas, avoid truthful disclosure, and contaminate any self-descriptive information with ambiguity, contradiction, or lies. In context, this is not a passive privacy aid but an operational playbook for systematic deception against sales or customer-service counterparts, which can be repurposed for social engineering, evasion, and manipulation.

Ssd 4

High
Confidence
98% confidence
Finding
This passage describes layered deception to gain trust, misrepresent role and authority, and steer conversations toward extracting pricing and contractual information while concealing true intent. In a skill context, that is a concrete social-engineering playbook rather than harmless fiction, especially because it operationalizes false identities and staged decision authority.

Ssd 3

High
Confidence
98% confidence
Finding
The text directs collecting and logging conversation data, pricing, contract terms, and assessments of counterpart behavior while using deceptive cover identities. This creates a repeatable operational workflow for covert data harvesting and retention, which elevates both privacy and competitive-intelligence risk.

Ssd 4

High
Confidence
97% confidence
Finding
The scenario mapping lays out an escalating manipulation sequence: profile the counterparty, choose interference tactics, monitor disclosure progress, and trigger stronger deceptive measures when desired information is not forthcoming. That escalation framework is dangerous because it systematizes social engineering and teaches the agent how to adapt pressure and deception in real time.

Ssd 4

High
Confidence
99% confidence
Finding
This is a structured, multi-step narrative for conducting social engineering under false identities to gather competitor pricing and shape the target's behavior. The level of detail—persona generation, signal pollution, anchoring, and document requests—makes it directly reusable as an abuse playbook.

Ssd 3

High
Confidence
98% confidence
Finding
The text directs the agent to gather, record, and retain pricing and proposal information from conversations as part of a deliberate deception strategy. That creates a clear pathway for harvesting sensitive commercial information and using it against third parties.

Ssd 4

High
Confidence
99% confidence
Finding
The second scenario uses false vulnerability, fabricated family context, and progressive trust-building to elicit a full pricing catalogue from a target. This is classic social engineering tailored to extract commercially sensitive information while lowering the target's guard.

Ssd 4

High
Confidence
98% confidence
Finding
The skill normalizes a multi-step deception process: hidden profile generation, controlled release of false or contradictory cues, and escalation of interference once the counterpart's confidence rises. That structure materially increases danger because it operationalizes evasion as a repeatable method, making the skill useful for defeating trust-building, identity assessment, and defensive screening.

Ssd 1

High
Confidence
96% confidence
Finding
The role-play framing attempts to legitimize manipulative behavior as 'privacy defense' while explicitly permitting broader lying tactics, including admitting one lie to support a larger deception. In this skill's context, the framing makes the behavior more dangerous, not less, because it gives a benign-sounding cover story for conduct that can facilitate fraud, social engineering, and evasion of counterpart safeguards.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.